I apologise if this has been mentioned before, although I was unable to find a solution when I searched through previous posts or the API docs.

I have been attempting to construct some simple queries from a JavaScript application. The application is running on a localhost at the domain http://localhost'. I.e. the 'Origin' specified in the request header is 'http://localhost'.

However, I am unable to enable access by adding 'http://localhost', or 'localhost' (or any other permutation) as an authorized JavaScript domain. A message appears saying that this is an 'invalid domain'. Am I missing something here?

How do I enable access for an application on a localhost?

It would be good if the API docs clarified this, assuming this isn't a stupid question!

Answered my own question (after some trial and error). The problem was fairly trivial, but it had me scratching my head for some time so I'll post the solution here in case it helps anyone else in a similar situation.

I was unable to add 'http://localhost' to the authorized JavaScript domains, so the solution was to create an alias for localhost in my hosts file, in this case modifying /etc/hosts, adding the line:

127.0.0.1 application.com

Then adding 'http://application.com' to the authorized JavaScript domains. I think the API expects a URL consisting of three parts, i.e. protocol, second-level and top-level domain. So http://domain.domain

Might I suggest mentioning in the API docs that 'http://localhost' is not permitted as an authorized domain?

Hope that helps anyone uncertain how to access the API from localhost domain.

We have been looking at the security implications of allowing localhost, which basically means that if your API key is compromised, then it could be used by any client that runs from "localhost". In reality, this appears to be an infinitesimally small risk, so will look to enabling http://localhost in API key registration.

we are developing a fintech software in ASP c# and we don't face any issues using localhost for development.

We call our own API URL which uses HTTP client to fetch companies house API data and we just feed this directly to our own API URL. The benefit of developing this way is to protect your API key. If you make to many requests your IP's could be banned. So if your key is not easily accessible.

I know a workaround is easy to implement (for example having /etc/hosts 127.0.0.1 localhost localhost.localdomain), but it would still be convenient in some cases to just have localhost like many other API providers allow.

We struggled with the same issue. Although the fix is quite simple to implement, once you know how, the user experience of the API could be improved if the CH would allow developers to tick a box which allows requests from localhost.